Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented and not so well known tasks.
I will make a deal with you: if you refer me to a company that needs
database support, from a few hours per week to full time, and I am able to sign
a contract with them, then I will give you 10% of the monthly contract or deal
price every month. When the contract ends, and we re-sign the contract, I will
again give you 10% of the monthly contract price. This will go on until the
company no longer employs or contracts me or my agents to look after their
databases.
I can do this because that 10% is my marketing budget. When we re-sign the
contract in the future, it may depend on you giving the thumbs up again, and
that is worth 10% of the monthly contract price, to be given to you as
commission.
Contact:
Franz
Security Policies - Part 12
Authenticate clients properly.
In its default mode of operation, Oracle allows operating system
authenticated logons only over secure connections. This precludes using
Oracle Net and a shared server configuration. This default restriction
prevents a remote user from impersonating another operating system user over
a network connection.
By default the initialization parameter REMOTE_OS_AUTHENT is set to FALSE.
SQL> show parameter remote_os_authent

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_os_authent                    boolean     FALSE
SQL>
If you set REMOTE_OS_AUTHENT=TRUE, then you force the Oracle RDBMS to accept
the client operating system user name received over a nonsecure connection
and use it for account access. Clients such as PCs and laptops are not
trusted to perform operating system authentication properly, so it is not a
good security practice to do this.
The default setting of REMOTE_OS_AUTHENT=FALSE creates a much more secure
configuration. This configuration enforces proper, server based
authentication of clients connecting to an Oracle database.
Therefore it is good practice not to change the default setting of the
REMOTE_OS_AUTHENT initialization parameter.
It is good practice to leave it with the value of FALSE.
If REMOTE_OS_AUTHENT=FALSE, it means that the database will
not trust that the client has already been authenticated, and will therefore
apply the standard authentication processes.
It does not mean that users can’t connect remotely.
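The following audit script is an added example, not part of the original post. It checks the running and stored values of REMOTE_OS_AUTHENT and lists the externally identified accounts that depend on the setting. It assumes an 11g database started from an spfile and a user who can query V$PARAMETER, V$SPPARAMETER and DBA_USERS.

```sql
-- Added example: audit REMOTE_OS_AUTHENT and the accounts that depend on it.

-- 1. Value in effect for the running instance, and whether it is still
--    the default. OS_AUTHENT_PREFIX shows how OS user names are mapped
--    to database account names.
SELECT name, value, isdefault
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Value stored in the spfile. A TRUE here takes effect at the next
--    restart even if step 1 currently reports FALSE.
SELECT sid, name, value, isspecified
FROM   v$spparameter
WHERE  name = 'remote_os_authent';

-- 3. Externally identified accounts, which include the operating system
--    authenticated ones. These are the accounts whose protection rests
--    on REMOTE_OS_AUTHENT staying FALSE.
SELECT username, account_status, authentication_type
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;

-- 4. If step 1 or step 2 reports TRUE, put the default back. The
--    parameter is static, so the change is written to the spfile and
--    applies after the instance is restarted.
ALTER SYSTEM SET remote_os_authent = FALSE SCOPE = SPFILE;
```

After the restart, repeat step 1 and confirm that the value is FALSE.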
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com